<?php
/**
 * Index.php for use within activation folder of whatsinvasive.com
 * Users receive an email containing a random string to enter in the website to prove they own the email address being associated from user_email.php
 * 
 *
 * @author kmayoral
 */
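// Start (or resume) the session and copy the signed-in user's details into
// page-level variables. Further down, isset($username) decides which
// navigation links are shown; $first, $last and $imei are not read anywhere
// else in this file as shown.
session_start();
if (isset($_SESSION['username'])) {
	$username = $_SESSION['username'];
	// Read the remaining keys defensively: a session that carries a username
	// but lacks one of these would otherwise raise an undefined-index notice.
	$first = isset($_SESSION['first']) ? $_SESSION['first'] : NULL;
	$last = isset($_SESSION['last']) ? $_SESSION['last'] : NULL;
	$imei = isset($_SESSION['imei']) ? $_SESSION['imei'] : NULL;
}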
?>

<html>
<head>
	<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
	<title>what's invasive - help us monitor invasive plants</title>
	<script src="../cametrics.helper.js.php" type="text/javascript"></script>
	<script src="../javascript/prototype.js" type="text/javascript"></script>
 	<script src="../javascript/scriptaculous.js" type="text/javascript"></script>
<!--	<script src="http://maps.google.com/maps?file=api&amp;v=2&amp;key=ABQIAAAAbxIBxk4RA2V7uaS03qfgehT7b7gu89hlKy31xMkklkaqeiEoFBQp_k7FG85UP76O7qWNB3hiANOI9A" type="text/javascript"></script>
	
	<script src="javascript/stats_map.js" type="text/javascript"></script>
-->
	<script src="../javascript/plants.js" type="text/javascript"></script>

	<!-- Framework CSS -->
	<link rel="stylesheet" href="../css/blueprint/screen.css" type="text/css" media="screen, projection" />
	<!--[if IE]><link rel="stylesheet" href="css/blueprint/ie.css" type="text/css" media="screen, projection" /><![endif]-->

	<!-- CSS -->
	<link rel="stylesheet" href="../css/main.css" type="text/css">
</head>  
<body>
<div class="container">
<!-- Banner -->
	<div id="header" class="span-16 nav bcolor1 center">
		<br \>
		<h3><a href="http://whatsinvasive.com/" class="white"><i>What's Invasive!</i>&nbsp;&#8211; &nbsp;Santa Monica Mountains National Recreation Area</a></h3>
	</div>
	<div id="c1" class="span-2 bcolor2">
		<br>
		<h3>&nbsp;</h3>
	</div>
	<div id="c2" class="span-2 bcolor3">
		<br>
		<h3>&nbsp;</h3>
	</div>
	<div id="c3" class="span-2 bcolor4">
		<br>
		<h3>&nbsp;</h3>
	</div>
	<div id="c4" class="span-2 last bcolor5">
		<br>
		<h3>&nbsp;</h3>
	</div>

<!-- Begin top navigation -->
	<div id="headertext" class="span-24 last" style="padding: 5px 0px 0px 0px">
		<div id="headertext" class="span-24 last" style="background-color:#054700; padding: 3px 0px 3px 0px;">
			<span class="nav">
				<div class="span-1" style="font-weight: normal;">&nbsp;</div>
				<div class="span-2" style="font-weight: normal;"><a href="../plants.php">Plants</a></div>
				<div class="span-2" style="font-weight: normal;"><a href="../results_page.php">Results</a></div>
				<div class="span-2" style="font-weight: normal;">&nbsp; &nbsp; <a href="../maps_page.php">Maps</a></div>
				<div class="span-2" style="font-weight: normal;"><a href="../tagger_page.php">Verify</a></div>
				<div class="span-2" style="font-weight: normal;"><a href="../about_page.php">Info</a></div>
<?php if (isset($username)): // signed-in visitor: $username was copied from the session at the top of this file ?>
				<div id="nav_user" class="span-2" style="font-weight: normal;"><a href="../login_page.php">User Page</a></div>
				<div id="nav_login" class="span-10 fitright" id="navigation" style="font-weight: normal;"><a href="../logout_page.php">Logout</a></div>
<?php else: // no username in the session: offer the login link instead ?>
				<div id="nav_user" class="span-2" style="font-weight: normal;">&nbsp;</div>
				<div id="nav_login" class="span-10 fitright" id="navigation" style="font-weight: normal;"><a href="../login_page.php">Login</a></div>
<?php endif; ?>
				<div class="span-1 last" style="font-weight: normal;">&nbsp;</div>
			</span>
		</div>  
	</div> 

<?php if (isset($_SESSION['error_message'])): ?>
	<div class="span-24 last error"><?=$_SESSION['error_message']?></div>
<?php
	// Flash-style message: it is displayed once and then removed from the
	// session so a reload does not show it again.
	// NOTE(review): the value is written into the page without HTML escaping.
	// Nothing in this file assigns it, so whether it can carry request-derived
	// text depends on the pages that do. If it can, it should be emitted through
	// htmlspecialchars() -- confirm against those pages.
	unset($_SESSION['error_message']);
	endif;
?>
<div class="box span-11">
	<h3 style="font-weight: bold">Email Associations &#151; Activation by Email</h3>
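<?php
/*
 * Activation handler.
 *
 * Two entry points feed the same check:
 *   - POST with "confirming" set: fields "hash", "row" and "string", as posted
 *     by the confirmation form further down this page;
 *   - GET: query parameters "val" (the digest), "row" and "string".
 * When the digest equals md5(row . string), the emailassociations row whose
 * ROWID is "row" gets activated = '1'. The outcome is reported in $message;
 * $show_form controls whether the confirmation form is rendered.
 *
 * NOTE(review): the digest is derived only from values supplied in the same
 * request. Nothing on this page compares against a code stored on the server
 * or mixes in a server-side secret, so a match does not by itself show that
 * the e-mail was received. Closing that gap means checking a per-row code
 * stored with the association (or an HMAC keyed with a server secret), and has
 * to be changed together with the code that builds the activation e-mail.
 */
$is_post = isset($_POST['confirming']);
// The confirmation form is currently switched off; the GET link activates directly.
//$show_form = TRUE;
$show_form = FALSE;
$message = '';
$hash = '';
$rowID = '';
$string = '';
$check_code = FALSE;      // TRUE once all three parameters are present
$mismatch_message = '';   // shown when the parameters do not verify
$db = NULL;
$dbname = $_SERVER['DOCUMENT_ROOT'].'../databases/whatsinvasive.db';

if ($is_post) {
	// Missing fields become empty strings and simply fail verification below.
	$hash = isset($_POST['hash']) ? $_POST['hash'] : '';
	$rowID = isset($_POST['row']) ? $_POST['row'] : '';
	$string = isset($_POST['string']) ? $_POST['string'] : '';
	$mismatch_message = "You did not supply the correct text code. Try again.";
	$check_code = TRUE;
}
else if (!isset($_GET['val'])) {
	$message = "This page has been incorrectly accessed: missing val.";
}
else if (!isset($_GET['row'])) {
	$message = "This page has been incorrectly accessed: missing row.";
}
else if (!isset($_GET['string'])) {
	$message = "This page has been incorrectly accessed: missing string.";
}
else {
	$hash = $_GET['val'];
	$rowID = $_GET['row'];
	$string = $_GET['string'];
	$mismatch_message = "You did not supply a correct activation url. Please check your email and try again.";
	$check_code = TRUE;
}

if ($check_code) {
	// Request parameters may arrive as arrays (name[]=...), so only plain
	// strings are accepted. "row" must be a short run of decimal digits: it is
	// used as a ROWID and must never reach the SQL text unvalidated.
	$params_ok = is_string($hash) && is_string($string) && is_string($rowID)
		&& preg_match('/\A[0-9]{1,18}\z/', $rowID) === 1;
	if (!$params_ok) {
		$message = $mismatch_message;
		$hash = '';
		$rowID = '';
		$string = '';
		$check_code = FALSE;
	}
}

if ($check_code && !$is_post) {
	// Link (GET) path only: report associations that are already active
	// before looking at the digest.
	$db = new PDO('sqlite:'.$dbname);
	$stmt = $db->prepare("SELECT activated FROM emailassociations WHERE ROWID = :rowid");
	$res = FALSE;
	if ($stmt !== FALSE) {
		$stmt->bindValue(':rowid', (int) $rowID, PDO::PARAM_INT);
		$stmt->execute();
		$res = $stmt->fetch();
	}
	if ($res && $res['activated']) {
		$message = "This email has already been activated.";
		$check_code = FALSE;
	}
}

if ($check_code) {
	// Strict comparison: with ==, two different digests that both look like
	// numbers in exponent notation would compare as equal.
	if ($hash === md5($rowID . $string)) {
		//activated, let's update database
		if ($db === NULL) {
			$db = new PDO('sqlite:'.$dbname);
		}
		// ROWID is bound as a parameter instead of being interpolated into the statement.
		$stmt = $db->prepare("UPDATE emailassociations SET activated = :activated WHERE ROWID = :rowid");
		$updated = FALSE;
		if ($stmt !== FALSE) {
			$stmt->bindValue(':activated', '1', PDO::PARAM_STR);
			$stmt->bindValue(':rowid', (int) $rowID, PDO::PARAM_INT);
			$updated = $stmt->execute();
		}
		if (!$updated) {
			$message = "Failed to update DB, please try again later.";
		}
		else {
			$message = "Successfully activated your email address. Thank you!";
			$show_form = FALSE;
		}
	}
	else {
		$message = $mismatch_message;
	}
}
?>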
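<div class = "message">
	<?php /* every value this file assigns to $message is a fixed literal, so it is echoed as-is */ echo $message?>
</div>
<?php
// Confirmation form, rendered only when $show_form is true. It posts the
// digest and row back to this page together with the code typed by the user.
// Hidden values are escaped for an HTML attribute with htmlspecialchars():
// urlencode() is the wrong encoder for this context, because the browser would
// post the percent-encoded text back literally instead of the original value.
if ($show_form){
?>

	<form action="index.php" method="POST">
		<input name="confirming" value="true" type="hidden" />
		<input name="hash" value="<?php echo htmlspecialchars($hash, ENT_QUOTES, 'UTF-8') ?>" type="hidden" />
		<input name="row" value="<?php echo htmlspecialchars($rowID, ENT_QUOTES, 'UTF-8') ?>" type="hidden" />
		<!--<input name="username" type="hidden" value="<?php /* PHP still runs inside an HTML comment, so guard and escape the value */ echo isset($username) ? htmlspecialchars($username, ENT_QUOTES, 'UTF-8') : '' ?>" />	-->				
		<ul>
		<li>
			<label for="string">Please enter the text code sent by email:</label>
			<input name="string" id="string" type="text">
		</li>			
		</ul>					
		<input type="submit" value="Activate">
	</form>
	
<?php
}// end if ($show_form)

?>	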
</div>

<!-- Begin footer -->
	<div id="headertext" class="span-24 last">&nbsp;</div>
	<hr />
	<div class="span-24 last navblack" align="center">
		<a href="http://www.nps.gov/samo/" target="_blank">Santa Monica NPS</a> &nbsp; | &nbsp; <a href="http://www.ucla.edu">UCLA</a> &nbsp; | &nbsp; <a href="http://cens.ucla.edu" target="_blank">CENS</a>
	</div>
</div>
</body>
</html>
